summaryrefslogtreecommitdiff
path: root/src/lib
diff options
context:
space:
mode:
authortedu <>2014-05-05 18:38:42 +0000
committertedu <>2014-05-05 18:38:42 +0000
commit8a2ad91eb74608515572021d6669f1baba121e75 (patch)
treefecb97ef019ce703123a21bd3be7d59d759c8dd6 /src/lib
parent8fa46cda04d0da87e6504a0b57f0646186f9e2a4 (diff)
downloadopenbsd-8a2ad91eb74608515572021d6669f1baba121e75.tar.gz
openbsd-8a2ad91eb74608515572021d6669f1baba121e75.tar.bz2
openbsd-8a2ad91eb74608515572021d6669f1baba121e75.zip
inspired by a cloudflare diff, cleanse old memory when expanding a bignum.
however, instead of trying to audit all the places where a secret bignum is used, apply the big hammer and clear all bignums when freed. ok deraadt miod
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libcrypto/bn/bn_lib.c26
-rw-r--r--src/lib/libssl/src/crypto/bn/bn_lib.c26
2 files changed, 18 insertions, 34 deletions
diff --git a/src/lib/libcrypto/bn/bn_lib.c b/src/lib/libcrypto/bn/bn_lib.c
index 9787a31dbb..a8022f6668 100644
--- a/src/lib/libcrypto/bn/bn_lib.c
+++ b/src/lib/libcrypto/bn/bn_lib.c
@@ -226,22 +226,11 @@ void BN_clear_free(BIGNUM *a)
226 free(a); 226 free(a);
227 } 227 }
228 228
229void BN_free(BIGNUM *a) 229void
230 { 230BN_free(BIGNUM *a)
231 if (a == NULL) return; 231{
232 bn_check_top(a); 232 BN_clear_free(a);
233 if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA))) 233}
234 free(a->d);
235 if (a->flags & BN_FLG_MALLOCED)
236 free(a);
237 else
238 {
239#ifndef OPENSSL_NO_DEPRECATED
240 a->flags|=BN_FLG_FREE;
241#endif
242 a->d = NULL;
243 }
244 }
245 234
246void BN_init(BIGNUM *a) 235void BN_init(BIGNUM *a)
247 { 236 {
@@ -400,7 +389,10 @@ BIGNUM *bn_expand2(BIGNUM *b, int words)
400 { 389 {
401 BN_ULONG *a = bn_expand_internal(b, words); 390 BN_ULONG *a = bn_expand_internal(b, words);
402 if(!a) return NULL; 391 if(!a) return NULL;
403 if(b->d) free(b->d); 392 if(b->d) {
393 OPENSSL_cleanse(b->d, b->dmax * sizeof(b->d[0]));
394 free(b->d);
395 }
404 b->d=a; 396 b->d=a;
405 b->dmax=words; 397 b->dmax=words;
406 } 398 }
diff --git a/src/lib/libssl/src/crypto/bn/bn_lib.c b/src/lib/libssl/src/crypto/bn/bn_lib.c
index 9787a31dbb..a8022f6668 100644
--- a/src/lib/libssl/src/crypto/bn/bn_lib.c
+++ b/src/lib/libssl/src/crypto/bn/bn_lib.c
@@ -226,22 +226,11 @@ void BN_clear_free(BIGNUM *a)
226 free(a); 226 free(a);
227 } 227 }
228 228
229void BN_free(BIGNUM *a) 229void
230 { 230BN_free(BIGNUM *a)
231 if (a == NULL) return; 231{
232 bn_check_top(a); 232 BN_clear_free(a);
233 if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA))) 233}
234 free(a->d);
235 if (a->flags & BN_FLG_MALLOCED)
236 free(a);
237 else
238 {
239#ifndef OPENSSL_NO_DEPRECATED
240 a->flags|=BN_FLG_FREE;
241#endif
242 a->d = NULL;
243 }
244 }
245 234
246void BN_init(BIGNUM *a) 235void BN_init(BIGNUM *a)
247 { 236 {
@@ -400,7 +389,10 @@ BIGNUM *bn_expand2(BIGNUM *b, int words)
400 { 389 {
401 BN_ULONG *a = bn_expand_internal(b, words); 390 BN_ULONG *a = bn_expand_internal(b, words);
402 if(!a) return NULL; 391 if(!a) return NULL;
403 if(b->d) free(b->d); 392 if(b->d) {
393 OPENSSL_cleanse(b->d, b->dmax * sizeof(b->d[0]));
394 free(b->d);
395 }
404 b->d=a; 396 b->d=a;
405 b->dmax=words; 397 b->dmax=words;
406 } 398 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 08:29:36 +0000